Posted on 11/10/2005 10:03:29 AM PST by steve-b
Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.
Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory....
(Excerpt) Read more at theregister.co.uk ...
Thanks a lot Sony. You SonyBeaches.
They are already in trouble and have been for some time.
I can only hope that this is a cautionary tale for other companies who hope to "protect" their products in the same way.
I blame them both.
Ping for later self-reference.
In an interview with NPR reporter Neda Ulaby, the President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?" So help me God, I am not making this up.
This bozo makes Mary Mapes' defense of the Dan Rather bogus memos look like a masterpiece of logic and reason.
He thinks that people not knowing what a rootkit is excuses these actions? So, by his logic, would it be ok for me to develop some new kind of virus or such* since most people won't know what it is? Lord Almighty, what a moron.
MGY
*Hypothetical only. I'm not developing any malicious programs.
Ping
I'm sorry, but I must insist that all self-referencing posts conform to my trademarked tagline.
LOL!
I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there's a smaller extra partition for "enhanced" content. I was surprised to find a "Start.app" Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.
Don't blame Sony? I guess you're the type that blames gun manufacturers for criminal use of firearms too. And BTW, AFAIK it doesn't "automatically install". The EULA/installer comes up automatically under autorun, but I don't believe it installs until you agree to the EULA. In other words, you are basically deliberately installing software on your machine, whether you know it or not (and Sony goes out of its way to make sure you don't), so it's a classic Trojan.
The EULA doesn't mention the hidden software. But more to the point, there's no good reason for allowing an audio disk to install software that alters the OS. It's stupid of MSFT to allow such behavior.
Hmmmm... not good. I was not aware of this until you brought it to my attention. I will see what I can find out.
The one saving grace is that for Mac users, the administrator name and password are required before it is installed. At least, we know that something is being installed... not WHAT is being installed, but we have a chance to say no. If it turns out that Sony's intrusive software is otherwise innocuous for other than DRM, one can choose to accept it to listen to their music. . . if you trust Sony. I don't.
I haven't read the EULA myself but the site referencing a possible problem with Macs as quoted above by TechJunkYard, goes on to say:
In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.
Perhaps they changed the EULA for the Mac community. I suspect that it is included in the PC version as well... the lawyers would be on top of this.
Better yet, buy one of their new CDs and listen to it on your computer... then talk to your attorney. Get in on the ground floor with one of the lawsuits!
You, too, can own Sony...
As I've stated several times already, Sony's rootkit hides the Digital Rights Management (DRM) files from users that have it installed, so users not monitoring the developments in this story are unaware of the scope and intrusiveness of the DRM. The End User License Agreement (EULA) does not provide any details on the software or its cloaking. Further, the software installation does not include support information and lacks a registration option, making it impossible for users to contact Sony and Sony to contact its users.
This sort of thing has been going on for a long time. There's an undocumented registry key called "Super Hidden" which allows files to be hidden from explorer, even if you have the option to show hidden files set to on. There were some variants of the Code Red virus that took advantage of this. The only way to see those files was to open a command prompt and do a "dir /a"
But believe me, there are ways to hide files in all OS, not just Windows. Heck, I used to hide files in unix all the time by just embedding backspaces into the file name, or using non-printing characters. The only way to see those file names was to do an octal dump of the directory!
Mark
The cool thing is that if you embed backspace characters in the name, along with the character that suppresses the new line character (sorry, it's been too many years for me), the wild card searches will show the file names, but they're backspaced too quickly to see! My favorite ways to hide information on a unix system were to hide files and directories like this, as well as mounting empty (or "dummy") filesystems over directories.
Mark
Given the 'ls' source, it would be trivial to patch it to be immune to such trickery (btw, if 'ls' lets escape characters through unfiltered, depending upon the terminal you use, a nasty person could take control of your account if you do an 'ls' in his directory).
Which is why the current directory ( '.' ) is NEVER in root's path! BTW, all you need is to set up a setuid script or c program, and that tactic is a great way to create a new admin account without the root user knowing about it. Or doing all sorts of other nefarious things.
Mark
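As an added example (not part of any post in this thread): a defender's check for the filename tricks discussed above, that is, names carrying backspaces, escape sequences or other non-printing bytes. It reads names as raw bytes and reports them escaped, so nothing reaches the terminal unfiltered; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

def escape_name(raw: bytes) -> str:
    """Render a raw name with every non-printable byte (and backslash) as \\xNN."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in raw
    )

def classify(raw: bytes) -> list:
    """Return the reasons a raw filename deserves a second look (empty if none)."""
    reasons = []
    if any(b < 0x20 or b == 0x7F for b in raw):
        reasons.append("control-char")      # backspace, CR, bell, DEL, ...
    if 0x1B in raw:
        reasons.append("terminal-escape")   # ESC can start a terminal control sequence
    if raw[:1] == b" " or raw[-1:] == b" ":
        reasons.append("edge-space")        # leading/trailing blank is invisible in listings
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        reasons.append("invalid-utf8")
    return reasons

def scan(root: str) -> list:
    """Walk root using bytes paths; return (escaped path, reasons) for flagged names."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(os.fsencode(root)):
        for raw in dirnames + filenames:
            reasons = classify(raw)
            if reasons:
                findings.append((escape_name(os.path.join(dirpath, raw)), reasons))
    return sorted(findings)

def demo() -> list:
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = [b"readme.txt", b"notes\x08\x08\x08\x08\x08", b"log\x1b[2K"]
        for name in samples:  # constructed names, not taken from the thread
            with open(os.path.join(os.fsencode(tmp), name), "wb"):
                pass
        return scan(tmp)

if __name__ == "__main__":
    for path, reasons in demo():
        print(path, ",".join(reasons))
```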
I'm not defending Sony... just it is now time for us all to start carefully reading those damn EULAs!